package com.its.config;

import com.its.handle.*;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/*
*SpringSecurity配置类
*
* */

@Configuration
@Order(1)
public class AdminSecurityConfig extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*//1.自定义表单登录拦截
        http.formLogin(login -> {
           login.usernameParameter("username"); //自定义登录账户键名
           login.passwordParameter("password"); //自定义登录密码键名
           *//*login.loginProcessingUrl("/admin/AdminLogin"); *//*//自定义登录页面请求路径
           login.successHandler(new MyAdminLoginSuccessHandle()); //自定义登录成功处理器
           login.failureHandler(new MyAdminLoginFailureHandle()); //自定义登录失败处理器
        });

        //2.自定义退出
        http.logout(logout -> {
            logout.logoutUrl("/Admin/AdminLogout"); //自定义退出路径
            logout.logoutSuccessHandler(new MyAdminLogoutSuccessHandle()); //自定义退出成功处理器
            logout.clearAuthentication(true);//退出后清除登录数据
            logout.invalidateHttpSession(true);//退出后销毁Session
        });

        //3.自定义权限拦截
        http.authorizeRequests(resp -> {
           resp.antMatchers("/Admin/AdminLogin", "/Member/MemberLogin").permitAll();
           resp.anyRequest().authenticated();//拦截其余所有请求进行登录验证
        });

        //4.关闭csrf防护
        http.csrf().disable();
*/
        //5.异常处理
       /* http.exceptionHandling(exce -> {
           exce.authenticationEntryPoint(new MyAuthenticationEntryPoint());
           exce.accessDeniedHandler(new MyAccessDeniedHandler());//自定义权限校验失败的处理逻辑
        });*/

        http
                .cors() // 必须配合 CorsConfigurationSource 才能生效
                .and()
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/Admin/AdminLogin","/Member/MemberLogin").permitAll()
                .anyRequest().authenticated();

        // 禁用 Spring 默认的 formLogin/logout，避免 302
        http.formLogin().disable();
        http.logout().disable();
    }



}
